CVE-2008-2310

Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/135.html
• https://cwe.mitre.org/data/definitions/67.html

References

• http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
• http://secunia.com/advisories/30802
• http://securitytracker.com/id?1020392
• http://support.apple.com/kb/HT2163
• http://www.securityfocus.com/bid/30018
• http://www.vupen.com/english/advisories/2008/1981/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43494
• http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
• http://secunia.com/advisories/30802
• http://securitytracker.com/id?1020392
• http://support.apple.com/kb/HT2163
• http://www.securityfocus.com/bid/30018
• http://www.vupen.com/english/advisories/2008/1981/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43494